On Thu, May 20, 2010 at 10:26 PM, Roger Leigh <[email protected]> wrote: > Package: cups-pdf > Version: 2.5.0-14 > Severity: normal > > % ls -ld /var/spool/cups-pdf/ANONYMOUS > drwxrwxrwt 2 nobody nogroup 4096 Jan 27 2009 /var/spool/cups-pdf/ANONYMOUS > > This directory is world-writable with the sticky-bit set, which allows > any user to create files and directories in this location. However, the > ownership is not appropriate; compare with /tmp: > > % ls -ld /tmp > drwxrwxrwt 13 root root 300 May 20 20:20 /tmp > > The ownership by nobody:nogroup gives processes run under this > UID and/or GID additional privileges to delete content under this > location. Given that they are intended to be a restricted-privilege > user/group, this is not appropriate. Ownership by root:root is > perfectly acceptable here (if you're creating files in here owned > by nobody:nogroup that will still work fine).
If I recall correctly, it was suggested that I'd make this directory owned by nobody:nogroup to give it the lowest possible priority, because of the risky way that Samba accesses this spool when offering login-free guest printer access. I welcome debian-devel's input on whether this statement is correct or not. Martin-Éric -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

